SMTP Smuggling is a technique that allows you to send e-mail from almost any e-mail address by hiding another e-mail message in the data flow of an e-mail communication. Basically, another e-mail is injected into the message by exploiting interpretation differences in the SMTP protocol. Since the main message successfully passes security checks such as SPF, DKIM and DMARC, the injected message is delivered to the recipient boxes without any warning.
On June 6, 2023, security researchers discovered a vulnerability in Roundcube’s “markasjunk” plugin. This vulnerability allow attackers to execute command by sending a specifically crafted identity email address through plugin.
Although the CVSSv3 score of the vulnerability is defined as “6.5”, according to Cyberthint analysts, its impact is actually critical and CWE ID: CWE-77.
Affected Versions: Roundcube versions 1.6.1 and earlier versions, when the markasjunk plugin is enabled.
Joomla is used in many websites as a popular content management system. On February 16, 2023, a critical vulnerability with the identifier “CVE-2023-23752” was announced for Joomla. This vulnerability allows unauthorized users to access sensitive information on the website.
A heap buffer underflow vulnerability has been identified in the management interface of Fortinet’s FortiOS and FortiProxy products. CVSSv3 score was determined as 9.3 of the vulnerability tracked by code CVE-2023-25610.
This security vulnerability allows threat actors to unauthorized code/commands execution or perform DoS attacks with specially generated with HTTP requests.